CVE-2024-20404

Name of the Vulnerable Software and Affected Versions Cisco Finesse (affected versions not specified)

Description A flaw exists in the web-based management interface of Cisco Finesse that could allow a remote attacker who does not need to authenticate to perform a Server-Side Request Forgery (SSRF) attack. This issue is caused by inadequate validation of user-supplied input within specific HTTP requests sent to the system. An attacker can exploit this by sending a specially crafted HTTP request to the device. A successful exploit may allow the attacker to obtain limited sensitive information related to services associated with the affected device. SSRF is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.